open-consul/website/content/docs/agent/config/index.mdx

97 lines
4.5 KiB
Plaintext
Raw Normal View History

2020-04-07 18:55:19 +00:00
---
layout: docs
page_title: Configuration
2020-04-07 18:55:19 +00:00
description: >-
The agent has various configuration options that can be specified via the
command-line or via configuration files. All of the configuration options are
completely optional. Defaults are specified with their descriptions.
2020-04-07 18:55:19 +00:00
---
# Configuration
2020-04-07 18:55:19 +00:00
The agent has various configuration options that can be specified via
the command-line or via configuration files. All of the configuration
options are completely optional. Defaults are specified with their
descriptions.
2020-04-07 18:55:19 +00:00
Configuration precedence is evaluated in the following order:
2020-04-07 18:55:19 +00:00
2022-01-11 01:30:50 +00:00
1. [Command line arguments](/docs/agent/config/cli-flags)
2. [Configuration files](/docs/agent/config/config-files)
2020-04-07 18:55:19 +00:00
When loading configuration, the Consul agent loads the configuration from files and
directories in lexical order. For example, configuration file
`basic_config.json` will be processed before `extra_config.json`. Configuration
can be in either [HCL](https://github.com/hashicorp/hcl#syntax) or JSON format.
Available in Consul 1.0 and later, the HCL support now requires an `.hcl` or
`.json` extension on all configuration files in order to specify their format.
Configuration specified later will be merged into configuration specified
earlier. In most cases, "merge" means that the later version will override the
earlier. In some cases, such as event handlers, merging appends the handlers to
the existing configuration. The exact merging behavior is specified for each
option below.
The Consul agent also supports reloading configuration when it receives the
SIGHUP signal. Not all changes are respected, but those that are
documented below in the
[Reloadable Configuration](#reloadable-configuration) section. The
[reload command](/commands/reload) can also be used to trigger a
configuration reload.
You can test the following configuration options by following the
[Getting Started](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs)
tutorials to install a local agent.
## Ports Used
Consul requires up to 6 different ports to work properly, some on
TCP, UDP, or both protocols.
Review the [required ports](/docs/install/ports) table for a list of
required ports and their default settings.
## Reloadable Configuration
Reloading configuration does not reload all configuration items. The
items which are reloaded include:
- ACL Tokens
2022-01-11 01:30:50 +00:00
- [Configuration Entry Bootstrap](/docs/agent/config/config-files#config_entries_bootstrap)
- Checks
2022-01-11 01:30:50 +00:00
- [Discard Check Output](/docs/agent/config/config-files#discard_check_output)
- HTTP Client Address
- Log level
2022-01-11 01:30:50 +00:00
- [Metric Prefix Filter](/docs/agent/config/config-files#telemetry-prefix_filter)
- [Node Metadata](/docs/agent/config/config-files#node_meta)
- Some Raft options (since Consul 1.10.0)
2022-01-11 01:30:50 +00:00
- [`raft_snapshot_threshold`](/docs/agent/config/config-files#_raft_snapshot_threshold)
- [`raft_snapshot_interval`](/docs/agent/config/config-files#_raft_snapshot_interval)
- [`raft_trailing_logs`](/docs/agent/config/config-files#_raft_trailing_logs)
- These can be important in certain outage situations so being able to control
them without a restart provides a recovery path that doesn't involve
downtime. They generally shouldn't be changed otherwise.
2022-01-11 01:30:50 +00:00
- [RPC rate limiting](/docs/agent/config/config-files#limits)
- [HTTP Maximum Connections per Client](/docs/agent/config/config-files#http_max_conns_per_client)
- Services
- TLS Configuration
- Please be aware that this is currently limited to reload a configuration that is already TLS enabled. You cannot enable or disable TLS only with reloading.
documentation for config auto reload feature (#12548) * add config watcher to the config package * add logging to watcher * add test and refactor to add WatcherEvent. * add all API calls and fix a bug with recreated files * add tests for watcher * remove the unnecessary use of context * Add debug log and a test for file rename * use inode to detect if the file is recreated/replaced and only listen to create events. * tidy ups (#1535) * tidy ups * Add tests for inode reconcile * fix linux vs windows syscall * fix linux vs windows syscall * fix windows compile error * increase timeout * use ctime ID * remove remove/creation test as it's a use case that fail in linux * fix linux/windows to use Ino/CreationTime * fix the watcher to only overwrite current file id * fix linter error * fix remove/create test * set reconcile loop to 200 Milliseconds * fix watcher to not trigger event on remove, add more tests * on a remove event try to add the file back to the watcher and trigger the handler if success * fix race condition * fix flaky test * fix race conditions * set level to info * fix when file is removed and get an event for it after * fix to trigger handler when we get a remove but re-add fail * fix error message * add tests for directory watch and fixes * detect if a file is a symlink and return an error on Add * rename Watcher to FileWatcher and remove symlink deref * add fsnotify@v1.5.1 * fix go mod * do not reset timer on errors, rename OS specific files * rename New func * events trigger on write and rename * add missing test * fix flaking tests * fix flaky test * check reconcile when removed * delete invalid file * fix test to create files with different mod time. * back date file instead of sleeping * add watching file in agent command. * fix watcher call to use new API * add configuration and stop watcher when server stop * add certs as watched files * move FileWatcher to the agent start instead of the command code * stop watcher before replacing it * save watched files in agent * add add and remove interfaces to the file watcher * fix remove to not return an error * use `Add` and `Remove` to update certs files * fix tests * close events channel on the file watcher even when the context is done * extract `NotAutoReloadableRuntimeConfig` is a separate struct * fix linter errors * add Ca configs and outgoing verify to the not auto reloadable config * add some logs and fix to use background context * add tests to auto-config reload * remove stale test * add tests to changes to config files * add check to see if old cert files still trigger updates * rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig` * fix to re add both key and cert file. Add test to cover this case. * review suggestion Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * add check to static runtime config changes * fix test * add changelog file * fix review comments * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * update flag description Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> * fix compilation error * add static runtime config support * fix test * fix review comments * fix log test * Update .changelog/12329.txt Co-authored-by: Dan Upton <daniel@floppy.co> * transfer tests to runtime_test.go * fix filewatcher Replace to not deadlock. * avoid having lingering locks Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * split ReloadConfig func * fix warning message Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * convert `FileWatcher` into an interface * fix compilation errors * fix tests * extract func for adding and removing files * add a coalesceTimer with a very small timer * extract coaelsce Timer and add a shim for testing * add tests to coalesceTimer fix to send remaining events * set `coalesceTimer` to 1 Second * support symlink, fix a nil deref. * fix compile error * fix compile error * refactor file watcher rate limiting to be a Watcher implementation * fix linter issue * fix runtime config * fix runtime test * fix flaky tests * fix compile error * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * fix agent New to return an error if File watcher New return an error * add a coalesceTimer with a very small timer * extract coaelsce Timer and add a shim for testing * set `coalesceTimer` to 1 Second * add flag description to agent command docs * fix link * add Static runtime config docs * fix links and alignment * fix typo * Revert "add a coalesceTimer with a very small timer" This reverts commit d9db2fcb8213a81ac761f04b458091409c5fb1ee. * Revert "extract coaelsce Timer and add a shim for testing" This reverts commit 0ab86012a415ffeb452acf58e52c9f37c9f49254. * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> Co-authored-by: Daniel Upton <daniel@floppy.co> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-04-04 16:01:38 +00:00
- To avoid a potential security issue, the following TLS configuration parameters do not automatically reload when [-auto-reload-config](#_auto_reload_config) is enabled:
- [encrypt_verify_incoming](#encrypt_verify_incoming)
- [verify_incoming](#verify_incoming)
- [verify_incoming_rpc](#verify_incoming_rpc)
- [verify_incoming_https](#verify_incoming_https)
- [verify_outgoing](#verify_outgoing)
- [verify_server_hostname](#verify_server_hostname)
- [ca_file](#ca_file)
- [ca_path](#ca_path)
If any of those configurations are changed while [-auto-reload-config](#_auto_reload_config) is enabled,
Consul will issue the following warning, `Static Runtime config has changed and need a manual config reload to be applied`.
You must manually issue the `consul reload` command or send a `SIGHUP` to the Consul process to reload the new values.
- Watches
<!-- list of reference-style links -->
[go-sockaddr]: https://godoc.org/github.com/hashicorp/go-sockaddr/template